r2996 - trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches
Simon Horman
horms@costa.debian.org
Fri, 22 Apr 2005 07:02:42 +0000
Author: horms
Date: 2005-04-22 07:02:41 +0000 (Fri, 22 Apr 2005)
New Revision: 2996
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff
Log:
[CAN-2004-0790] Just silently ignore ICMP Source Quench message
s. (See: #305655)
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff 2005-04-22 06:54:30 UTC (rev 2995)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/164_icmp-quench.diff 2005-04-22 07:02:41 UTC (rev 2996)
@@ -0,0 +1,51 @@
+# origin: davem (BitKeeper)
+# cset: 1.1448.37.7 (2.4) key=414625edeBHgUwGcld08PACSp9LfiA
+# URL: http://linux.bkbits.net:8080/linux-2.4/cset@414625edeBHgUwGcld08PACSp9LfiA
+# inclusion: upstream
+# descrition: [TCP]: Just silently ignore ICMP Source Quench messages.
+# revision date: Fri, 22 Apr 2005 15:42:08 +1000
+#
+# S rset: ChangeSet|1.1448.37.6..1.1448.37.7
+# I rset: net/ipv4/tcp_ipv4.c|1.25..1.26
+#
+# Key:
+# S: Skipped ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted Manually deleted by subsequent user edit
+# R: Revised Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/09/13 15:57:49-07:00 davem@nuts.davemloft.net
+# [TCP]: Just silently ignore ICMP Source Quench messages.
+#
+# Recommended by draft-gont-tcpm-icmp-attacks-01.txt
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# net/ipv4/tcp_ipv4.c
+# 2004/09/13 15:57:37-07:00 davem@nuts.davemloft.net +1 -5
+# [TCP]: Just silently ignore ICMP Source Quench messages.
+#
+#
+===== net/ipv4/tcp_ipv4.c 1.25 vs 1.26 =====
+--- 1.25/net/ipv4/tcp_ipv4.c 2004-03-29 15:55:12 +10:00
++++ 1.26/net/ipv4/tcp_ipv4.c 2004-09-14 08:57:37 +10:00
+@@ -1025,11 +1025,7 @@ void tcp_v4_err(struct sk_buff *skb, u32
+
+ switch (type) {
+ case ICMP_SOURCE_QUENCH:
+- /* This is deprecated, but if someone generated it,
+- * we have no reasons to ignore it.
+- */
+- if (sk->lock.users == 0)
+- tcp_enter_cwr(tp);
++ /* Just silently ignore these. */
+ goto out;
+ case ICMP_PARAMETERPROB:
+ err = EPROTO;